Destination NAT

Destination NAT refers to the translation of traffic travelling from the external to the internal network.

In this example we use it to forward traffic to different locations.

Continuing on from our scenario (IP masquerading in use), let's now assume a web server is attached to the VyOS machine and has a private IP of 10.0.0.2/24. We wish to be able to access this through the VyOS machine's external IP. We could create a NAT rule which would forward traffic from port 80 of the VyOS machine to port 80 of the web server.

The destination port is the incoming port on the VyOS machine, and the translation address and port are what it gets translated to.
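
One way to write the port forward described above, as an added example rather than configuration from the original page. It assumes the external interface is eth0 and uses rule number 10 (both are assumptions), in the syntax of VyOS 1.3 and earlier; VyOS 1.4 and later write the interface match as `inbound-interface name eth0`.

```vyos
configure

# Match only TCP port 80 arriving on the external interface (eth0 is assumed)
set nat destination rule 10 description 'Port forward: HTTP to 10.0.0.2'
set nat destination rule 10 inbound-interface eth0
set nat destination rule 10 protocol tcp
set nat destination rule 10 destination port 80

# Rewrite the destination to the internal web server
set nat destination rule 10 translation address 10.0.0.2
set nat destination rule 10 translation port 80

commit
save

# Confirm the rule is loaded
run show nat destination rules
exit
```

Because the rule matches on the inbound interface and TCP port 80 only, no other port on 10.0.0.2 becomes reachable from outside. Destination NAT is applied before routing, so any firewall rule on forwarded traffic sees the translated address 10.0.0.2, not the external IP.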

However, for this to work completely, the web server must have its default gateway set to the VyOS machine (10.0.0.1 in this example). This is done on the web server; the command assumes the web server is running Linux.

sudo route add default gw 10.0.0.1

1-to-1 NAT

Say we now wish to directly apply a 1-to-1 NAT between the VyOS machine (23.90.55.23) and the web server (10.0.0.2).